CVE-2020-26252: Path Traversal

January 20, 2021 (updated January 28, 2021)

OpenMage is a community-driven alternative to Magento CE. In OpenMage there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml.

References

nvd.nist.gov/vuln/detail/CVE-2020-26252

Detect and mitigate CVE-2020-26252 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →